A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing
The existing fuzzing methods for industrial control protocol do not consider the characteristics of the embedded terminal systems, and have few research on the industrial control protocol without TCP/IP. Firstly, a fuzzing-based method for mining generic object-oriented substation event (GOOSE) prot...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
State Grid Energy Research Institute
2022-04-01
|
| Series: | Zhongguo dianli |
| Subjects: | |
| Online Access: | https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202109105 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The existing fuzzing methods for industrial control protocol do not consider the characteristics of the embedded terminal systems, and have few research on the industrial control protocol without TCP/IP. Firstly, a fuzzing-based method for mining generic object-oriented substation event (GOOSE) protocol parsing vulnerabilities is proposed: the mutation mode is used to generate test cases, and three mutation strategies are presented based on GOOSE message field type, abstract syntax notation one (ASN.1) encoding mode and bit reversal; two terminal abnormalities monitoring methods are proposed based on GOOSE heartbeat message and system operation information. Then, the implementation system architecture and test process of the proposed method are designed. Two undisclosed GOOSE protocol parsing vulnerabilities are discovered in testing the embedded terminals of a manufacturer in a smart substation laboratory environment, which verifies the effectiveness of the proposed method. Finally, recommendations for preventing malformed message attacks are put forward based on such vulnerabilities. |
|---|---|
| ISSN: | 1004-9649 |